<?php
/***************************************************************************
 *
 *   copyright            : (C) 2005 Winds of Storm
 *
 *   $Id: submit.php,v 1.40 2007/11/08 20:39:07 amorgan Exp $
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

require("config.php");
$body['class']	= 'row1';
$body['id']	= 'submit';
$body['onload']	= "setFocus(); setButtons();";
$skip_header	= 1;
require($libdir . "init." . $phpEx);
require($libdir . "chat_functs." . $phpEx);
require($libdir . "rooms." . $phpEx);

if ($_REQUEST['logout'] != "") {
	$msg	= '';
	$sql	= "SELECT * FROM {$dbprefix}sessions WHERE session_id='{$_REQUEST['sid']}'";
	$result	= $db->sql_query($sql);
	$row	= $db->sql_fetchrow($result);
	if (is_array($row)) {
		$sql	= "SELECT * FROM {$dbprefix}prefs WHERE user_id={$row['user_id']}";
		$result	= $db->sql_query($sql);
		$p_row	= $db->sql_fetchrow($result);

		if ($p_row['user_logout_msg']) {
			$lmsg	= addslashes(addslashes($p_row['user_logout_msg']));
			$sql	= "INSERT INTO {$dbprefix}events (user_id_from, user_id_to, room_id_to, event_text, event_date, event_chat_flags)
					VALUES ({$row['user_id']}, 0, {$row['room_id']}, '<span class=sysmsg><i>*** {$row['username']} $lmsg [logging out]</i></span>', NOW(), 2)";
		} else {
			$sql	= "INSERT INTO {$dbprefix}events (user_id_from, user_id_to, room_id_to, event_text, event_date, event_chat_flags)
					VALUES ({$row['user_id']}, 0, {$row['room_id']}, '<span class=sysmsg><i>*** {$row['username']} has logged out.</i></span>', NOW(), 2)";
		}
		$result	= $db->sql_query($sql);

		$sql	= "UPDATE {$dbprefix}sessions SET room_id=-1 WHERE session_id='{$_REQUEST['sid']}'";
		$result	= $db->sql_query($sql);

		$room	= getRoomInfo($row['room_id']);
		if ($room['room_dynamic'] == 'yes') {
			$sql	= "SELECT COUNT(room_id) AS count FROM {$dbprefix}sessions WHERE room_id={$room['room_id']}";
			$result	= $db->sql_query($sql);
			$row	= $db->sql_fetchrow($result);

			if ($row['count'] == 0) {
				$sql	= "DELETE FROM {$dbprefix}rooms WHERE room_dynamic='yes' AND room_id={$room['room_id']}";
				$result	= $db->sql_query($sql);

				$sql	= "DELETE FROM {$dbprefix}events WHERE room_id_to={$room['room_id']}";
				$result	= $db->sql_query($sql);

				$msg	= "<br />Dynamic room '{$room['room_name']}' has been closed (last member logged out).";
			}
		}
	}
	$body['text']	= "<B>Logged out. Click <a target=_top href=index.$phpEx>here</a> to log back in.</b>$msg";
	setDomainText(__FILE__, &$header, $_REQUEST['cpsp']);
	showHeader($body, $header);
	exit;
}

$sql	= "SELECT * FROM {$dbprefix}sessions WHERE session_id='{$_REQUEST['sid']}'";
$result	= $db->sql_query($sql);
$row	= $db->sql_fetchrow($result);

if (!is_array($row)) {
	showFatalError("<B>Session expired. Click <a target=_top href=index.$phpEx>here</a> to log back in.</b>");
}

$room	= $row['room_id'];
$userid	= $row['user_id'];
$isMod	= $row['moderator'];

$sql	= "SELECT * FROM {$dbprefix}prefs WHERE user_id={$userid}";
$result	= $db->sql_query($sql);
$p_row	= $db->sql_fetchrow($result);

if ($p_row['user_alias'] != '') {
	$username	= $p_row['user_alias'];
} else {
	$username	= $row['username'];
}

$userinfo['userid']	= $userid;
$userinfo['username']	= $username;
$userinfo['isMod']	= $isMod;

if ($_REQUEST['message'] != "") {
	if ($p_row['user_tagline']) {
		$tag	= " (<i>" . addslashes($p_row['user_tagline']) . "</i>)";
	} else {
		$tag	= '';
	}

	if ($p_row['user_color']) {
		$msg_class	= "class=msg style=\'color: {$p_row['user_color']}\'";
	} else {
		$msg_class	= "class=msg";
	}

	$msg	= $_REQUEST['message'];
	$rname	= getRoomName($room);
	$userto	= 0;

	$event[0]['msg']	= $msg;
	$event[0]['room']	= $room;
	$event[0]['userto']	= 0;
	$event[0]['sflags']	= 0;
	$event[0]['cflags']	= 0;

	if (eregi("^/me", $msg) && $_REQUEST['userto'] == 0) {
		$msg	= eregi_replace("^/me 's", "<span $msg_class>* $username`s", $msg);
		$msg	= eregi_replace("^/me", "<span $msg_class>* $username", $msg);
		$msg	.= " </span>";

		$event[0]['msg']	= $msg;
	} else if (eregi("^/alias", $msg)) {
		if (strlen($msg) > 7) {
			$alias	= substr($msg, 7);
			if (($err = validAlias($alias, $userid)) == 1) {
				$sql	= "SELECT * FROM {$dbprefix}aliases WHERE user_id=$userid AND user_alias LIKE '$alias'";
				$result	= $db->sql_query($sql);
				if (($a_row = $db->sql_fetchrow($result)) != NULL) {
					$avatar	= $a_row['user_avatar'];

					if ($avatar != '') {
						$sql	= "UPDATE {$dbprefix}sessions SET avatar_url='$avatar' WHERE user_id=$userid";
						$db->sql_query($sql);
					}
				} else {
					$sql	= "INSERT INTO {$dbprefix}aliases (user_id, user_alias) VALUES ($userid, '$alias')";
					$db->sql_query($sql);
				}
				
				$sql	= "UPDATE {$dbprefix}prefs SET user_alias='$alias' WHERE user_id=$userid";
				$db->sql_query($sql);

				$event[0]['msg']	= addslashes("<span class=sysmsg><i>*** {$row['username']} assumes the personality of $alias</i></span>");
				$event[0]['cflags']	= 2;
			} else {
				$event[0]['room']	= 0;
				$event[0]['userto']	= $userid;
				$event[0]['msg']	= addslashes("<span class=sysmsg>*** Error: '$alias' is not valid for your use (someone else is already using it?) [code $err -- $userid].</span>");
			}
		} else {
			if ($row['username'] != $username) {
				$sql	= "UPDATE {$dbprefix}prefs SET user_alias='{$row['username']}' WHERE user_id=$userid";
				$db->sql_query($sql);
				$sql	= "UPDATE {$dbprefix}sessions SET avatar_url=board_avatar_url WHERE user_id=$userid AND board_avatar_url!=''";
				$db->sql_query($sql);

				$event[0]['msg']	= addslashes("<span class=sysmsg>*** {$row['username']} resumes their personality.</span>");
				$event[0]['cflags']	= 2;
			} else {
				$sql	= "SELECT * FROM {$dbprefix}aliases WHERE user_id=$userid AND user_alias LIKE '$username'";
				$result	= $db->sql_query($sql);
				if (($a_row = $db->sql_fetchrow($result)) != NULL) {
					$avatar	= $a_row['user_avatar'];
					$sql	= "UPDATE {$dbprefix}sessions SET avatar_url='$avatar' WHERE user_id=$userid";
					$db->sql_query($sql);
					$event[0]['cflags']	= 2;
					$event[0]['msg']	= addslashes("<span class=sysmsg>*** {$row['username']} refreshes their personality.</span>");
				} else {
					$event[0]['room']	= 0;
					$event[0]['userto']	= $userid;
					$event[0]['msg']	= addslashes("<span class=sysmsg>*** Error: you are not currently using an alias.</span>");
				}
			}
		}
	} else if (eregi("^/tempalias", $msg)) {
		if (strlen($msg) > 11) {
			$alias	= substr($msg, 11);
			if (($err = validAlias($alias, $userid)) == 1) {
				$sql	= "UPDATE {$dbprefix}prefs SET user_alias='$alias' WHERE user_id=$userid";
				$result = $db->sql_query($sql);
				$event[0]['msg']	= addslashes("<span class=sysmsg><i>*** {$row['username']} assumes the temporary personality of $alias</i></span>");
				$event[0]['cflags']	= 2;
			} else {
				$event[0]['room']	= 0;
				$event[0]['userto']	= $userid;
				$event[0]['msg']	= addslashes("<span class=sysmsg>*** Error: '$alias' is not valid for your use (someone else is already using it?) [code $err].</span>");
			}
		} else {
			if ($row['username'] != $username) {
				$sql	= "UPDATE {$dbprefix}prefs SET user_alias='{$row['username']}' WHERE user_id=$userid";
				$db->sql_query($sql);
				$sql	= "UPDATE {$dbprefix}sessions SET avatar_url=board_avatar_url WHERE user_id=$userid";
				$db->sql_query($sql);

				$event[0]['msg']	= addslashes("<span class=sysmsg>*** {$row['username']} resumes their personality.</span>");
				$event[0]['cflags']	= 2;
			} else {
				$event[0]['room']	= 0;
				$event[0]['userto']	= $userid;
				$event[0]['msg']	= addslashes("<span class=sysmsg>*** Error: you are not currently using an alias.</span>");
			}
		}
	} else if (eregi("^/tagline", $msg)) {
		if (strlen($msg) > 9) {
			$newtag	= substr($msg, 9);
			$newtag	= filter_msg($newtag);
			$newtag	= stripslashes($newtag);
			if (!eregi("<font", $newtag) && !eregi("<small", $newtag)) {
				$newtag	= "<font size=-2>$newtag</font>";
			}
			$msg	= addslashes("<span $msg_class><i>* Changed tagline to '") . $newtag . addslashes("'.</i></span>");
		} else {
			$newtag	= '';
			$msg	= addslashes("<span $msg_class><i>* Tagline has been cleared.</i></span>");
		}

		$sql	= "UPDATE {$dbprefix}prefs SET user_tagline='$newtag' WHERE user_id={$userid}";
		$db->sql_query($sql);

		$event[0]['room']	= 0;
		$event[0]['userto']	= $userid;
		$event[0]['msg']	= $msg;
	} else if (eregi("^/noavatars", $msg)) {
		$event[0]['room']	= 0;
		$event[0]['userto']	= $userid;
		$event[0]['cflags']	= 2;
		$event[0]['msg']	= addslashes("<span $msg_class><i>* No longer showing avatars.</i></span>");

		$sql	= "UPDATE {$dbprefix}prefs SET user_show_avatars='1' WHERE user_id={$userid}";
		$db->sql_query($sql);
	} else if (eregi("^/showavatars", $msg)) {
		$event[0]['room']	= 0;
		$event[0]['userto']	= $userid;
		$event[0]['cflags']	= 2;
		$event[0]['msg']	= addslashes("<span $msg_class><i>* Now showing avatars.</i></span>");

		$sql	= "UPDATE {$dbprefix}prefs SET user_show_avatars='0' WHERE user_id={$userid}";
		$db->sql_query($sql);
	} else if (eregi("^/help", $msg)) {
		$event[0]['room']	= 0;
		$event[0]['userto']	= $userid;
		$event[0]['msg']	= addslashes(	"<table><tr><td colspan=2>Help Commands:</td></tr>" .
							"<tr><th align=center NOWRAP>Command</th><th>Usage</th></tr>" .
							getHelp() .
							"</table>");
	} else if (eregi("^/away", $msg)) {
		if (strlen($msg) > 6) {
			$away_msg	= substr($msg, 6);
		} else {
			$away_msg	= '';
		}
		if ($p_row['user_away'] == 1 && $away_msg == '') {
			$away	= 0;
			$msg	= "<span $msg_class><i>* $username has returned from away</i></span>";
		} else if ($p_row['user_away'] == 1 && $away_msg != '') {
			$away	= 1;
			$msg	= "<span $msg_class><i>* $username has changed their away message: $away_msg</i></span>";
		} else {
			$away	= 1;
			if ($away_msg == '') {
				$away_msg	= "AFK";
			}
			$msg	= "<span $msg_class><i>* $username has gone away: $away_msg</i></span>";
		}

		$sql	= "UPDATE {$dbprefix}prefs SET user_away=$away,user_away_msg='$away_msg' WHERE user_id={$userid}";
		$db->sql_query($sql);

		$event[0]['msg']	= $msg;
		$event[0]['cflags']	= 2;
	} else if (eregi("^/wall", $msg)) {
		if ($isMod) {
			$event[0]['room']	= -1;
			$event[0]['msg']	= eregi_replace("^/wall", "", $msg);
			$event[0]['msg']	= "<b><i><span class=user>NOTICE: -$username-</span> <span $msg_class>$msg </span></i></b>";
		} else {
			$event[0]['room']	= 0;
			$event[0]['userto']	= $userid;
			$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: you must be a moderator to use the /wall command.</b></span>";
		}
	} else if (eregi("^/shout", $msg)) {
		if (strlen($msg) > 7) {
			$roomname		= getRoomNameBySession($_REQUEST['sid']);
			$msg			= eregi_replace("^/shout", "", $msg);
			$event[0]['room']	= -1;
			$event[0]['msg']	= "<b><i><span class=user>-$username-</span> <span $msg_class>shouts from $roomname: $msg </span></i></b>";
		} else {
			$event[0]['room']	= 0;
			$event[0]['userto']	= $userid;
			$event[0]['msg']	= addslashes("<span class=sysmsg><b>*** ERROR: format is /shout [msg]</b></span>");
		}
	} else if (eregi("^/ping", $msg)) {
		$event[0]['userto']	= $userid;
		$event[0]['room']	= 0;
		$event[0]['msg']	= "<i>&gt;&gt;&gt;Pong. . .</i>";
	} else if (eregi("^/switch", $msg)) {
		if ($isMod) {
			$room	= substr($msg, 7);
			$sql	= "UPDATE {$dbprefix}sessions SET room_id=$room WHERE session_id='{$_REQUEST['sid']}'";
			$result	= $db->sql_query($sql);
			$event[0]['room']	= $room;
			$event[0]['msg']	= "*** $username has rejoined the room.";
		} else {
			$event[0]['userto']	= $userid;
			$event[0]['room']	= 0;
			$event[0]['msg']	= "<i>You are not authorized to use the switch command.</i>";
		}
	} else if (eregi("^/time$", $msg)) {
		$sql	= "SELECT DATE_FORMAT(NOW(), '%a %M %D, %Y @ %h:%i %p') AS cur_time";
		$result	= $db->sql_query($sql);
		$trow	= $db->sql_fetchrow($result);

		$event[0]['userto']	= $userid;
		$event[0]['room']	= 0;
		$event[0]['msg']	= "<span class=sysmsg><b>*** Current time is: {$trow['cur_time']}</b></span>";
	} else if (eregi("^/look", $msg)) {
		$sql	= "SELECT *
				FROM
					{$dbprefix}prefs AS p,
					{$dbprefix}sessions AS s
				WHERE
					p.user_id=s.user_id AND
					s.room_id=$room
				ORDER BY
					user_alias";
		$result	= $db->sql_query($sql);
		$msg	= "<table width=100% border=1><tr><td class=row1>Current room:</td></tr>";
		while ($lrow = $db->sql_fetchrow($result)) {
			$msg	.= "<tr><td class=row1>{$lrow['user_alias']}";
			if ($lrow['username'] != $lrow['user_alias']) {
				$msg	.= " ({$lrow['username']})";
			}
			if ($lrow['user_away']) {
				$msg	.= " -- away message: {$lrow['user_away_msg']}";
			}
			$msg	.= "</td></tr>";
		}
		$msg	.= "</table>";

		$event[0]['userto']	= $userid;
		$event[0]['room']	= 0;
		$event[0]['msg']	= $msg;
	} else if (eregi("^/topic", $msg)) {
		if ($isMod) {
			if (strlen($msg) > 7) {
				$topic	= stripslashes(filter_msg(substr($msg, 7)));
				$dtopic	= filter_msg(substr($msg, 7));
			} else {
				$topic	= '';
			}

			$sql	= "UPDATE {$dbprefix}rooms SET room_topic='$dtopic' WHERE room_id=$room";
			$result	= $db->sql_query($sql);

			$event[0]['msg']	= addslashes("<span class=sysmsg>*** $username changes the topic to '$topic'</span>");
			$event[0]['cflags']	= 1;
		} else {
			$event[0]['userto']	= $userid;
			$event[0]['room']	= 0;
			$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: you must be a moderator to use the /topic command.</b></span>";
		}
	} else if (eregi("^/kick ", $msg)) {
		if ($isMod) {
			$msg = stripslashes($msg);

			if (eregi("^/kick '([^']*)' (.*)", $msg, $matches)) {
				$user	= $matches[1];
				$pm	= $matches[2];
			} else if (eregi("^/kick \"([^']*)\" (.*)", $msg, $matches)) {
				$user	= $matches[1];
				$pm	= $matches[2];
			} else if (eregi("^/kick ([^ ]*) (.*)", $msg, $matches)) {
				$user	= $matches[1];
				$pm	= $matches[2];
			} else {
				$event[0]['userto']	= $userid;
				$event[0]['room']	= 0;
				$event[0]['msg']	= addslashes("<span class=sysmsg><b>*** ERROR: could not parse the '/kick' command.</b></span>");
			}

			if ($room != 0) {
				print("<!-- pm to '$user': '$pm' -->\n");
				$uid	= getOnlineUserIdByName($user);

				if ($userto == -1) {
					$event[0]['userto']	= $userid;
					$event[0]['room']	= 0;
					$event[0]['msg']	= addslashes("<span class=sysmsg><b>*** ERROR: '$user' is not online to /kick: $pm.</b></span>");
				} else {
					$event[1]['userto']	= $uid;
					$event[1]['room']	= 0;
					$event[1]['msg']	= addslashes("<b><span $msg_class>*** </span><span class=user>$username{$tag} </span><span $msg_class> has kicked you from $rname: $pm </span></b>");

					$event[0]['msg']	= addslashes("<b><span $msg_class>*** </span><span class=user>$username{$tag}</span><span $msg_class> has kicked </span><span class=user>$user</span><span $msg_class> from $rname: $pm </span></b>");
					$event[0]['cflags']	= 2;

					$sql	= "UPDATE {$dbprefix}sessions SET room_id=-2 WHERE user_id=$uid";
					$db->sql_query($sql);
				}
			}
		} else {
			$event[0]['userto']	= $userid;
			$event[0]['room']	= 0;
			$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: you must be a moderator to use the /kick command.</b></span>";
		}
	} else if (eregi("^/msg ", $msg)) {
		$msg = stripslashes($msg);

		if (eregi("^/msg '([^']*)' (.*)", $msg, $matches)) {
			$user	= $matches[1];
			$pm	= $matches[2];
		} else if (eregi("^/msg \"([^']*)\" (.*)", $msg, $matches)) {
			$user	= $matches[1];
			$pm	= $matches[2];
		} else if (eregi("^/msg ([^ ]*) (.*)", $msg, $matches)) {
			$user	= $matches[1];
			$pm	= $matches[2];
		} else {
			$event[0]['userto']	= $userid;
			$event[0]['room']	= 0;
			$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: could not parse the '/msg' command.</b></span>";
		}

		if ($room != 0) {
			print("<!-- pm to '$user': '$pm' -->\n");
			$pm	= addslashes($pm);
			$user	= addslashes($user);
			$user_s	= getSessionPrefsByName($user);

			if ($user_s == -1) {
				$event[0]['userto']	= $userid;
				$event[0]['room']	= 0;
				$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: \'$user\' is not online to /msg: $pm.</b></span>";
			} else if ($user_s['user_allow_pms'] == 1) {
				$event[0]['userto']	= $userid;
				$event[0]['room']	= 0;
				$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages.</b></span>";
			} else if ($user_s['user_allow_ext_pms'] == 1 && !checkUserRoomById($user_s['user_id'], $room)) {
				$event[0]['userto']	= $userid;
				$event[0]['room']	= 0;
				$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages from other rooms.</b></span>";
			} else {
				$user	= $user_s['user_alias'];
				$event[0]['room']	= 0;
				$event[0]['userto']	= $userid;
				$event[0]['msg']	= "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message to </span><span class=user>$user</span><span $msg_class>: $pm </span></td></tr></table>";

				$event[1]['room']	= 0;
				$event[1]['userto']	= $user_s['user_id'];
				$event[1]['msg']	= "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message from </span><span class=user>$username{$tag}</span><span $msg_class>: $pm </span></td></tr></table>";

				if ($user_s['user_away'] == 1) {
					$event[2]['room']	= 0;
					$event[2]['userto']	= $userid;
					$event[2]['msg']	= "<table width=100% border=1><tr><td class=row1><span $msg_class>Away Message from </span><span class=user>$user</span><span $msg_class>: {$user_s['user_away_msg']}</span></td></tr></table>";
				}
			}
		}
	} else if (ereg("^/", $msg) && !eregi("^/me", $msg)) {
		$event[0]['parsed']	= 0;
		foreach ($plugins as $plugin) {
			if (eregi("command", $plugin['TYPE'])) {
				call_user_func_array($plugin['FUNC'], array($userinfo, &$event));
			}
		}

		if ($event[0]['parsed'] == 0) {
			$event[0]['room']	= 0;
			$event[0]['userto']	= $userid;
			$event[0]['msg']	= addslashes("<span class=sysmsg><b>*** Error: unknown command '$msg'</b></span>");
		}
	} else if ($_REQUEST['userto'] != 0) {
		$userto	= $_REQUEST['userto'];
		$user_s	= getSessionPrefsById($userto);

		$event[0]['room']	= 0;
		$event[0]['userto']	= $userid;

		if ($user_s == -1) {
			$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: User is no longer online to private msg.</b></span>";
		} else if ($user_s['user_allow_pms'] == 1) {
			$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages.</b></span>";
		} else if ($user_s['user_allow_ext_pms'] == 1 && !checkUserRoomById($_REQUEST['userto'], $room)) {
			$event[0]['msg']	= "<span class=sysmsg><b>*** ERROR: {$user_s['user_alias']} is not receiving personal messages from other rooms.</b></span>";
		} else {
			$user	= $user_s['user_alias'];

			if (!eregi("^/me", $msg)) {
				$pm	= $msg;

				$event[1]['msg']	= "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message from </span><span class=user>$username{$tag}</span><span $msg_class>: $pm </span></td></tr></table>";
				$event[1]['userto']	= $userto;
				$event[1]['room']	= 0;
			} else {
				$pm	= eregi_replace("^/me 's", "* </span><span class=user>$username</span><span $msg_class>'s", $msg);
				$pm	= eregi_replace("^/me", "* </span><span class=user>$username</span><span $msg_class>", $pm);

				$event[1]['msg']	= "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message: $pm </span></td></tr></table>";
				$event[1]['userto']	= $userto;
				$event[1]['room']	= 0;
			}

			$event[0]['msg']	= "<table width=100% border=1><tr><td class=row1><span $msg_class>Private Message to </span><span class=user>$user</span><span $msg_class>: $pm</span></td></tr></table>";

			if ($user_s['user_away'] == 1) {
				$event[2]['msg']	= addslashes("<table width=100% border=1><tr><td class=row1><span $msg_class>Away Message from </span><span class=user>$user</span><span $msg_class>: {$user_s['user_away_msg']}</span></td></tr></table>");
				$event[2]['room']	= 0;
				$event[2]['userto']	= $userid;
			}
		}
	} else {
		//$msg			= addslashes($msg);
		$event[0]['msg']	= "<span class=user>-$username{$tag}-</span> <span $msg_class>$msg </span>";
	}

	foreach ($event as $thisevent) {
		$msg	= filter_msg($thisevent['msg']);
		$userto	= $thisevent['userto'];
		$room	= $thisevent['room'];

		print("<!-- MESSAGE: $msg -->\n");
		print("<!-- USER TO: $userto -->\n");
		print("<!-- ROOM: $room -->\n");

		//if ($_REQUEST['userto'] != 0 && $userto == 0) {
			//$userto	= $_REQUEST['userto'];
			//print("<!-- REMAPPED USER TO VIA SELECT: $userto -->\n");
		//}

		$sqla	= '';	$sqlb	= '';
		if ($thisevent['cflags']) {
			$sqla	.= ", event_chat_flags";
			$sqlb	.= ", {$thisevent['cflags']}";
		}

		if ($thisevent['sflags']) {
			$sqla	.= ", event_server_flags";
			$sqlb	.= ", {$thisevent['sflags']}";
		}

		$sql	= "INSERT INTO {$dbprefix}events (user_id_from, user_id_to, room_id_to, event_text, event_date$sqla)
				VALUES ({$userid}, $userto, $room, '$msg', NOW()$sqlb)";

		//print("<!-- SQL: $sql -->\n");
		//$db->add_to_log($sql);
		$result	= $db->sql_query($sql);
	}

	$sql	= "UPDATE {$dbprefix}sessions SET idle_timer=0 WHERE session_id='{$_REQUEST['sid']}'";
	$result	= $db->sql_query($sql);
}

if ($_REQUEST['pastebox'] != '') {
	print("<script language=javascript>\nself.close()\n</script>\n");
	exit;
}

$header[]['HEADER_TEXT']	= "<script language=javascript src=chat_functions.js></script>\n";
setDomainText(__FILE__, &$header, $_REQUEST['cpsp']);
showHeader($body, $header);

$template = new Template($config['TPL_DIR']);
$template->set_filenames(array('body' => 'submit_body.tpl'));

$room_list	= getRoomUsers($row['room_id'], $_REQUEST['userto']);

if ($_REQUEST['multiline'] == 'on') {
	$ml	= "off";
	$ml_l	= "Single-Line";
} else {
	$ml	= "on";
	$ml_l	= "Multi-Line";
}

$template->assign_vars(array(
	'U_SUBMIT'		=> "submit.$phpEx",
	'U_FORUMS'		=> $config['FORUM_LINK_URL'],
	'U_WHOSON'		=> "whoson.$phpEx?sid={$_REQUEST['sid']}",
	'U_MULTISINGLE'		=> "submit.$phpEx?multiline=$ml&sid={$_REQUEST['sid']}&cpsp={$_REQUEST['cpsp']}",
	'U_PASTEBOX'		=> "javascript:ML.popup('{$_REQUEST['sid']}');",
	'U_HELP'		=> "help.$phpEx",
	'U_OPTIONS'		=> "options.$phpEx?sid={$_REQUEST['sid']}",
	'U_SMILIES'		=> $smilies_all_url,
	'U_ALIASES'		=> "aliases.$phpEx?sid={$_REQUEST['sid']}",
	//'U_ALIASES'		=> "{$config['FORUM_BASE_URL']}/aliases.$phpEx",
	'U_SMILIES_PATH'	=> $smilies_path,

	'L_MULTISINGLE'		=> $ml_l,
	'L_FORUMS'		=> $config['FORUM_NAME'],

	'CPSP'			=> $_REQUEST['cpsp'],
	'SID'			=> $_REQUEST['sid'],
	'ROOM_LIST'		=> $room_list,
));

if ($_REQUEST['multiline'] == "on") {
	$template->assign_block_vars('switch_multiline', array());
} else {
	$template->assign_block_vars('switch_singleline', array());
}

if ($p_row['user_show_smilies'] == 0 && !$DISABLE_SMILIES) {
	$template->assign_block_vars('switch_smilies', array());
	$sql	= "SELECT * FROM $smilies_table GROUP BY $smile_url_field $smilies_limit";
	if ($result = $db->sql_query($sql)) {
		while ($row = $db->sql_fetchrow($result)) {
			$template->assign_block_vars('switch_smilies.smilies', array(
				'PATTERN'	=> $row[$smile_pattern_field],
				'URL'		=> $row[$smile_url_field]
			));
		}
	}
}

$template->pparse('body');
?>
